FortiGate
vsharma
Staff
Article Id 378964
Description: The article describes the changes in the external threat list resource entry limits from v7.4.4.
Scope: FortiGate v7.4.4+.
Solution

Before v7.4.4, the limit for each external resource was 10MB or 128K entries.

 

From v7.4.4, external resource entry limits are applied globally, and file size restrictions vary by device model. When VDOMs are enabled, global entries are prioritized, and then VDOM entries are processed in alphabetical order by VDOM name.

 

The limits are defined by model range: High-End (Data Center), Mid-Range (Campus), and Entry-level (Branch).

Refer to Threat feeds

 

For example, FortiGate-6K (High-End) has an IP address entry limit of 300000.

 

FGT6K# diagnose sys external-resource stats

name: external_list_1 ; uuid_idx: 606; type: category; update_method: push; total lines: 150000; valid lines: 150000; error lines: 0; used: no; buildable: 150000; total in count file: 150000;

name: external_list_2 ; uuid_idx: 863; type: category; update_method: feed; truncated total lines: 80000; valid lines: 80000; error lines: 0; used: no; buildable: 80000; total in count file: 80000;

name: external_list_3 ; uuid_idx: 868; type: category; update_method: push; total lines: 200000; valid lines: 200000; error lines: 0; used: yes; buildable: 70000; total in count file: 200000;

 

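Here the three lists together contain more than the limit of 300000 entries, so 130000 entries from external_list_3 are truncated (200000 valid lines, but only 70000 buildable). Adding up the 'buildable' counts (150000 + 80000 + 70000 = 300000) gives the total number of entries considered.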
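The same check can be scripted against saved CLI output so that a truncated threat feed does not go unnoticed. The following is an added example, not Fortinet code: the function names `parse_stats` and `audit` are hypothetical, the sample input is the three stats lines shown above, and treating "valid lines minus buildable" as the number of entries not loaded is inferred from this article's example.

```python
# Constructed sample: the three stats lines from the article (limit 300000).
SAMPLE = """\
name: external_list_1 ; uuid_idx: 606; type: category; update_method: push; total lines: 150000; valid lines: 150000; error lines: 0; used: no; buildable: 150000; total in count file: 150000;
name: external_list_2 ; uuid_idx: 863; type: category; update_method: feed; truncated total lines: 80000; valid lines: 80000; error lines: 0; used: no; buildable: 80000; total in count file: 80000;
name: external_list_3 ; uuid_idx: 868; type: category; update_method: push; total lines: 200000; valid lines: 200000; error lines: 0; used: yes; buildable: 70000; total in count file: 200000;
"""

INT_FIELDS = ("valid lines", "error lines", "buildable")


def parse_stats(text):
    """Parse 'key: value;' records, one external resource per line."""
    records = []
    for line in text.splitlines():
        if not line.strip().startswith("name:"):
            continue  # skip the CLI prompt, blank lines and anything else
        rec = {}
        for field in line.split(";"):
            key, sep, value = field.partition(":")
            if sep:
                rec[key.strip()] = value.strip()
        for key in INT_FIELDS:
            rec[key] = int(rec.get(key, 0))
        records.append(rec)
    return records


def audit(records, limit):
    """Summarise how much of the global limit is used and which lists lost entries.

    Assumption (from the article's example): entries not loaded for a list
    equal its 'valid lines' minus its 'buildable' count.
    """
    total = sum(r["buildable"] for r in records)
    truncated = {r["name"]: r["valid lines"] - r["buildable"]
                 for r in records if r["buildable"] < r["valid lines"]}
    return {"buildable_total": total,
            "headroom": limit - total,
            "truncated": truncated}


if __name__ == "__main__":
    report = audit(parse_stats(SAMPLE), limit=300000)
    print("buildable total:", report["buildable_total"])
    print("headroom:", report["headroom"])
    for name, lost in report["truncated"].items():
        print(f"WARNING: {name} has {lost} entries that were not loaded")
```

A non-empty `truncated` result means part of a feed is not being enforced, which is worth alerting on; the `limit` value must be set to the one documented for the device's model range and FortiOS version.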

 

Related document:

Threat feeds

Note: The maximum number of entries allowed for each type per model range up to version 7.6.2 was 300,000.

See the Threat feeds - FortiGate 7.6.2 administration guide.

From v7.6.3, the IP address capacity on mid-range FortiGate models has been raised from 300,000 to 1,000,000.

On high-end FortiGate models, the number of IP addresses has been increased from 300,000 to 5,000,000.

Related documents:
Threat feeds - FortiGate 7.6.3 administration guide 
Changes in table size - FortiOS release notes